home

__uninstall_.exe

JumpyApps

The file is a bundle distribution and utilizes the installCore download manager to distribute this potentially unwanted software. The application __uninstall_.exe by JumpyApps has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.
Publisher:
JumpyApps  (signed and verified)

MD5:
5997558132e0d4dd02e85dd1e43eed97

SHA-1:
8c52c02882f17cbc35b6d3f594141179f1a095e4

SHA-256:
4ed1186437fc51b27f992b150d8f813ef89c1f3452971550592173bb101814f0

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/23/2024 4:30:02 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2123759
6419565

Agnitum Outpost
Trojan.Injected
7.1.1

Avira AntiVirus
Adware/InstallCo.zlp
7.11.211.246

AVG
Generic_c
2016.0.3192

Bitdefender
Trojan.GenericKD.2123759
1.0.20.260

Comodo Security
ApplicUnwnt
21160

Dr.Web
Trojan.Packed.24524
9.0.1.05190

Emsisoft Anti-Malware
Trojan.GenericKD.2123759
9.0.0.4799

ESET NOD32
Win32/InstallCore.GZ potentially unwanted application
7.0.302.0

F-Secure
Trojan.GenericKD.2123759
5.13.68

G Data
Trojan.GenericKD.2123759
15.2.25

K7 AntiVirus
Unwanted-Program
13.197.15042

MicroWorld eScan
Trojan.GenericKD.2123759
16.0.0.156

Norman
Trojan.GenericKD.1984285
03.12.2014 13:20:04

nProtect
Trojan.GenericKD.2123759
15.02.17.01

Reason Heuristics
PUP.ironSource
15.2.21.9

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.15219

Sophos
PUA 'Install Core Click run software'
5.10

VIPRE Antivirus
Threat.4786018
36694

File size:
1.2 MB (1,302,112 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\__uninstall_.exe

Digital Signature
Signed by:
JumpyApps

Authority:
COMODO CA Limited

Valid from:
2/17/2013 9:00:00 PM

Valid to:
2/18/2014 8:59:59 PM

Subject:
CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:jA20JVboExFG39dsFXZLJWAg4M3bLXmQzbbgWl/IZq58+BRaKXIYdCpdwl+OJKnz:jA2EboExmg/LsAg4GbLXmQzRJ5BRaK4P

Entry address:
0x9B24

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, A2, 95, FF, FF, E8, A9, A7, FF, FF, E8, D4, C9, FF, FF, E8, 1B, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, DB, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, A4, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 04, D0, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 53, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

Remove __uninstall_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.